Report authorization

The authorization check on reports based on PNP/PNPCE logical database (both SAP and custom), I think is not working as suggested by SAP.  We have reports that have information on some sensitive information on employees.  From what SAP suggests if the user has infotype authorization then it should display all (including sensitive ) and if the user does not have authorization to view one infotype then it should display everything except this one infotype.  BUT in our place if a user does not have authoriztion for one infotype the reports stop saying no authorization for that particular infotype.
I have experimented this with P_ABAP with swith 1 and 2.  It still does not resolve the issue. 
It works fine on the structural profiles side.
I would appreciate if somebody can tell me if my assumptions are wrong or there is a way to make it work.
Thanks,
Net

Any ideas???

Similar Messages

  • BW report authorization for restrict cost center

    dear all,
    i have problem on BW report authorization for restrict cost center.....when i execute the query, after selection screen, appear error message 'you cannot change zv_cctr for characteristic 0COSTCENTER during query'.
    note : zv_cctr is variable restriction for costcenter, type processing = customer exit.
    below the customer exit :
    WHEN 'ZV_CCTR'.
        IF i_step = 2.
          DATA : gt_mstuidvscc TYPE TABLE OF  ztbw_mstuidvscc,
                 gs_mstuidvscc TYPE  ztbw_mstuidvscc,
                 wa_final2(10) TYPE c.
          SELECT * FROM ztbw_mstuidvscc INTO CORRESPONDING FIELDS OF TABLE gt_mstuidvscc
            WHERE userid = 'sy-uname'.
          LOOP AT gt_mstuidvscc INTO gs_mstuidvscc.
            wa_final2 = gs_mstuidvscc-kostl.
            l_s_range-opt = 'EQ'.
            l_s_range-high = wa_final2.
            APPEND l_s_range TO e_t_range.
          ENDLOOP.
        ENDIF.
    Regards,
    Tony

    i defined variable as ready for input and mandatory.
    regards,
    Tony

  • Reporting authorization issue after BI 701 05 EHP1 upgrade

    Hello,
    We have recently upgraded our BI 7.0 to BI 701 EHP1 with 05 patch level. After this we had a problem with reporting authorizations for a report (query), which has created under Virtual Infoprovider.
    Earlier the report use to be execute perfectly with authorizations S_RS_ICUBE object with Act 03, Subobject DATA, but after upgrade to EHP1, while executing report its throwing a error pasted below.
    =============================================================================================
    "Diagnosis
    Errors occured while reading a VirtualProvider outside the BI system. Check whether the previous error messages contains any information about the possible cause of this error.
    It is possible that the error message can not be displayed because the error message class does not exist in the BI system. If this is the case, only the name of the error class and the message number are displayed. View the error class in the source system of the VirtualProvider.
    System Response
    Procedure
    Since the error is not necessarily in the BI system, there is no specific procedure for resolving it. With VirtualProviders, problems often occure with the connection to the system; these can lead to system termination. If the code for the VirtualProvider is not from the SAP, contact the relevant person to help resolve the issue.
    If an SQL error is listed in the previous message, see the procedure for SQL errors."
    ===============================================================================================
    After running st01 trace we identified the missing authorization is S_RS_ICUBE with Act 03, subobject DEFINATION.
    Here please tell why is the subobject check is performed to execute a report (query), as this is happening after EHP1 upgrade, so let me know if anyone had any clue on this ...
    Thanks

    Hi Martin,
    Thanks for reply.
    The assumption what you made are correct, but these are the possible reasons only. Is there any specific note or any info from sap that these changes came due to the new release change, so that i can tell my manager clearly.
    And I am not sure whether this is impacting the reports which using the VirtualProviders (Virtual CUBE) in place. If you could get bit more information that will be helpful...Thanks in advance.
    Sridhar

  • Reporting authorization in BW 3.5: use of colon ":"

    Hello,
    we are using in our BW 3.5 system a reporting  authorization object ZAUTHOBJ. ZAUTHOBJ is defined on exactly one InfoObject ZINFOBJ (e.g. country).
    Some of our users have the following authorization
       ZINFOBJ = :
    so that they  view the values of an KYF aggregated with the characteristic ZINFOBJ. They cannot drill down to a certain value of ZINFOBJ, e.g. by filtering to a specific value.
    We are facing the following problem:
    If the user with the ":" authorization defines a query with an excluding filter on ZINFOBJ, e.g. excluding certain values, the query aggregates the KYF on the remaining values of the characteristic ZINFOBJ.
    So by this "backdoor" the user can find out the KYF of specific ZINFOBJ values.
    Is this a feature or a bug of SAP BW?
    Best regards
    Lothar

    Hi,
    We can think it as Back door or we can say We are misusing the concept of : in authorization.
    If we have to use ZAUTHOBJ = :, in any case we are not going to give Country as the free characterstic , Part of rows, and filter area.
    That means noware we use the country in the query.
    With rgds,
    Anil Kumar Sharma .P

  • Reporting Authorization - InfoObject/Navigational Attributes

    We have a custom infoobject for Vendor to which access needs to be controlled. Certain users are not supposed to have access to a number of the navigational attributes on the object however we want these users to have access to all other navigational attributes (meaning we don't want these 'fields' to be visible but everything else). We have other reporting authorization objects that prevent access to the entire 'record' if the user is not authorized for a certain value (cost center, etc.).
    Thanks.

    Hi Joerg,
    navigational attributes are treated like characteristics. You can make them authorization relevant and restrict access, e.g. by granting ":", which allows to see overall results without details on this attribute.
    Regards, Klaus

  • Aging report authorization

    What kind of authorization I need to see the aging report? I already set Finantial -> Finantial Reports -> Accounting -> Aging to full authorization but I'm not authorized anyway. The system show an error that I'm not authorized to see BP Balances.

    Hi,
    Kindly check the Authorisation for the Business Partner Module where the Balance authorisation can be checked.
    Regards,
    Jitin
    SAP Business One Forum Team

  • Payroll report authorization

    Hi experts,
    I use P_ABAP in payroll report, COARS value is "1".
    I met a case that an employee was in personal area "0001"  from 2007.04.01  to 2007.05.31. Since 2007.06.01 he has been in in personal area "0002'.
    I run payroll report to query his payroll result from 2007.04.01  to 2007.05.31, but i failed. I get message;
    "Personnel numbers skipped by the database driver"
    "Reason 1: insufficient authorization, no. skipped personnel nos.:"
    How can i do query the employee's payroll result in Pa Aare "0001"?
    Thank you !
    NT

    Hi Om,
    Thank you for the kind help.
    I can query the employee by t_code PPOME from 2007.04.01 to 2007.05.31, so I think structural authorization seems fine.  And by t_code PA20 also can query him. 
    But I can't query his payroll result by running payroll report, and standard PNP report catorgary used in the payroll report.
    I don't know whether I took mistake in assignment authorization to the report with P_ABAP ?
    Best regards,
    NT

  • Custom HR Report--Authorization check required

    Hello,
    I have a requirement where in we have created a custom report.Now when user logs in and run this particular report as their authorisation is restricted to india or whatever, they should only see data relating to their company code/country. They must not be able to see data from any other country / company code.
    Another scenario is for some users authorisations is restricted to certain Org Units and when a Key User whose authorisation is restricted to a certain Org Unit, they should only see data relating to that Org. Unit and not every one's data.
    Is there any authorization object already existing that can acheive this functionality.
    Please suggest!!
    Thank you
    Arvind
    Edited by: Arvind Soni on Sep 17, 2009 3:43 PM
    Edited by: Arvind Soni on Sep 17, 2009 3:43 PM

    Hi,
    There are some auth. objects exist in HR. Such as P_ORGIN, P_ORGXX, P_ORGINCON, P_PERNR, P_APPL, PLOG,etc..
    Make the requried setting via t-code: OOAC
    Also you can define structural auth. via t-code OOSP, OOSB.
    If you use logical database of HR (PNP,PNPCE,PCH,PAP)or standard FM to read HR data, auth. check of these auth. object will be carried out automaticlly.
    You can change the profile of the users to achieve.
    Regards,
    Chen Jian

  • Profit Center Report Authorization

    Dear Experts,
          We can give the authorization by transaction code level. But my client requirment is Transaction code S_PL0_86000029 is same but, we have 26 branches and 26 profit centers and 26 sap id's. Every sap id has authorization of above T-code. But system should allow only concern profit centers for input. I mean each Id will have only one profit center rights.
    Can we maintain authorization level in by above demensions.
    Regards,
    Balaji Bhonsle.
    Moderator: Please, open this thread in Security forum

    Hi Balaji
    Check with your BASIS guy if any auth object for Profit Center is available for this report....
    This report is based on FORM in T code FGI6 (Under 002 - 0SAPB**-02)... I am not sure whether drilldown reports have the provision to provide auth each PC wise... But certainly, the solution provided above is not the right one
    Regards
    Ajay M

  • Error in Reporting Authorization

    Hi All,
    I created an authorization object for reporting, which contains 7 different info objects.
    I tried to apply that info object to a sales report by creating a variable of type authorization.
    I added the object in a profile and attached it to a role.
    But when i try to access the report, I am not able to see all the available values in the selection list. Instead , I am getting a message like "No Values Available or Not Authorized to Display"
    To be more specific, I have 3 info objects Company Code, Plant and Sales organization which i want to restrict by authorization.
    I added 3 company codes, 3 sales org values and 3 plants to the authorization object's value.
    These values are not available for selection in the query.
    Why this is happening?
    Should I do anything else other than this?
    Please help me
    Thanks
    Shobin

    Hi Sourav,
    Thanks alot. I got your document.
    Infact I did exactly what is mentioned in that document.
    Still , I am not able to select any values when i run the query.
    Anyway, Thank You So much for your help
    Shobin

  • BI Reporting Authorization  Based on Characteristic Value  Level Error

    Dear ALL,
    i had create one authorization on sap bi and given to one user on plant level , it will work on fine RSRT,
    But when i am used it on webi report through this user then i am getting below error
    Database Error : Error in MDDataSetBW.GetCellData. You do not have Sufficient Authorization (IES 10901).
    But in repor if other than user is login and report will work fine.
    If in this report i removed key figure and only show plant then it will work with authorization.
    Please help me out from here....
    Thank You,
    Haresh

    Hi,
    "If in this report i removed key figure and only show plant then it will work with authorization."
    even afterremoving keyfigures you should  not get the records, if it is the issue with Authorization object that you have created. Check for some other authorization issues also.
    I dont know SU53 marks Authorization error, if you run from WEBI, but try that also once.
    Hope you have seen this thread,
    https://scn.sap.com/thread/1136359
    so, there is no single reason for this error
    try posting this thread in BOBJ Integration kit forum also, there some experts can help you quickly
    -Sriram
    Message was edited by: Sriramvijay R

  • Interactive reports authorization issue ?

    Hi All
    I am working on CRM 7.0  , interactive reporting
    As per SAP CRM interactive reports standards, employees can only see their opportunities and managers can see only the opportunities created by his team.
    I need that all employees can see all the opportunities created by them or others and the managers also
    What are the settings t be changed to enable this functionality
    Regards
    Fahim

    Hi!
    This is not possible with CRM interactive reporting unless you assign every employee to a manager role in the CRM Org Model (which would contradict it's purpose). Unfortunately, your request would contradict the central authorization principle behind interactive reporting.
    Due to this fact and because the expected data volume would also probably be too large to be handled by interactive reporting, I recommend to use BW reporting instead. BW is much better designed for large data volumes, and you do not have the Org Model restrictions as in interactive reporting.

  • MSS - Reports - Authorization object

    Hi
    I am working on configuring EP 7.0 ... In MSS , i have brought the reports from MDP..Its working fine when i give "SAP_ALL" profile, else i see only reports table with out any entries(Reports selection) ..when i check out Su53 for any missing Auth-object , it doesnt give any clue as it doesnt take this as authorization error.
    Any idea on what authorization object to be included in the backend role to get the reports page  displaying  all the entries/reports?
    Thanks in advance

    SU53 isn't all that useful for properly analysing authorisation checks.
    Try running an authorisation trace in transaction ST01 to see what's really happening in the backend ECC system.

  • Problem related to BW (Reports, authorizations)    & SRM portal

    Hi friends,
    problem is that, we created some SRM reports on BW its working fine , we extracted data from R3 properly, and we can able to view on BEx those reports then we created some authorizations for SRM portal,that reports working results fine, but only particulate vendor not abule to see the data.
    Authorizations created on Plant/vendor combination
    That ODS contain Data and BW reports also fine.
    What may be the reason. plz provide some solution for this.
    as of now i am thinking it may be problem with authorization , i am unable to find that, becoz other combinations are working fine
    is any information required i will provide.
    Thanks
    Srinivasa Rao polapala

    Its Ok ,Sampath
    solved that problem in a diff way.
    what i find is problem with updations.
    how to make updation in authorization object.
    when i add new plant/vendor combination , its not updating for that role.
    y it is not happening, is there any way to do that
    Thanks
    Srinivasa Rao polapala

  • Problem with report authorizations

    Hi,
    I have assinged role with same set of query. A second role works like restriction to Business Area (for example: L000).
    problem:
    It doesn't work with InfoProviders of CO module. I want to make the restriction authorization of the users like I said above, but it doesn't want to work.
    I can't do the restricted authorizations of the users to these reports, which use the Controlling (CO) data. Everything is ok, when I attach the same roles to the report, which are created from other data (FI, AA, etc.).
    No authorization can be done with InfoProviders, which belong to CO.
    What has happened?
    Any minds?

    HI,
       r u talking about selection Screen i mean Input Screen or Report Output? Let us know what is the requirement?
    All the best.
    Regards,
    Nagesh Ganisetti.

Maybe you are looking for

  • Report on Released Invoices

    Hi Gurus, Can we get a report from system that what all invoices we have released using MRBR in a single year? Please revert asap. Regards,

  • How to pass Parameter to Oracle Report from portal

    Dear All I create a report use Oracle Report, and the file name is "Account.rdf" This report have a start date parameter and a end date parameter. I put this report to the report server, and then add a new entry to the cgicmd.dat file, so i enter the

  • Error ORABPEL-10903

    Hi, I am using eclipse version 0.9.13 and working through the creditflow example. I am getting the following error message on Windows 2000 using java 1.4 Buildfile: C:\Documents and Settings\dkunzman\workspace\CreditFlow\build.xml main: [bpelc] BPEL

  • Korean language pack

    hey  im a 9360 user, i seted up for east asain language pack through blackberry desktop. however i only can read the laugages not typing. so i downloaded the all language pack from rim but my mac can't install it. could please let me know how i can s

  • KP26 & KP06 - version copying

    Dear All, My client is asking one advice , it is as follows, Can we copy the one version to a new version ( Eg V0 to Z1) with the exsisting labour rates & hours of version 0 I feel version will copy only the layout and not the values.... values are t